Multiple vulnerabilities in LeapFrog's LeapPad Ultimate tablets for children could be used to locate children, communicate with them, or phish their parents for sensitive information. The tablets did not use HTTPS for their own traffic, which exposed them to interception.
The problems were found on LeapPad Ultimate tablets, which are designed specifically for kids and ship with safeguards meant to keep children's experiences sheltered from internet risks.
Children between 3 and 6 years old can explore age-appropriate apps (videos, books, games) without internet access and with minimal help from parents.
Pet Chat communication is open
Security researchers at Checkmarx found that, under certain conditions, the LeapPad Ultimate's Pet Chat app can reveal the tablet's location, and thus the child's.
The app is designed with child safety in mind and lets children chat with each other using preset phrases and emoticons.
However, the app also creates an ad hoc Wi-Fi network with the SSID Pet Chat, which any nearby device running a wardriving app such as WiGLE will record. The WiGLE wireless network mapping service can then be used to determine where the network, and with it the tablet, is located.
Anyone who scans the Wi-Fi networks in an area and uploads the results to WiGLE contributes information about the hotspot: its MAC address, its location, and the time of the scan.
“Attackers could check for isolated homes where children are using Pet Chat and try to launch more attacks,” Checkmarx says in a report shared with BleepingComputer.
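The following is an added example (not Checkmarx's tooling or LeapFrog's code) of how a broadcast SSID turns into a map position once wardriving data has been uploaded. The rows are constructed for this example in the layout of a WiGLE wardriving CSV export (a banner line, a header row, then one row per sighting); the column names are assumed from that layout, and the MACs, coordinates and timestamps are invented. It groups sightings of the Pet Chat SSID by MAC and estimates a position per device from the GPS fixes, weighting each fix by signal strength.

```python
"""Added example: how a broadcast SSID becomes a map pin in wardriving data.

The rows below are constructed for this example in the layout of a WiGLE
wardriving CSV export (banner line, header row, one row per sighting). The
column names are assumed from that layout; the coordinates, MACs and times
are invented. This is not Checkmarx's tooling or LeapFrog's code.
"""
import csv
from collections import defaultdict

SAMPLE_EXPORT = """\
WigleWifi-1.4,appRelease=example,model=example,release=example,device=example,display=example,board=example,brand=example
MAC,SSID,AuthMode,FirstSeen,Channel,RSSI,CurrentLatitude,CurrentLongitude,AltitudeMeters,AccuracyMeters,Type
02:11:22:33:44:55,PetChat,[ESS],2019-08-01 10:00:00,6,-70,51.50010,-0.14010,20,10,WIFI
02:11:22:33:44:55,PetChat,[ESS],2019-08-01 10:00:05,6,-65,51.50030,-0.13990,20,10,WIFI
02:11:22:33:44:55,PetChat,[ESS],2019-08-01 10:00:10,6,-72,51.50020,-0.14000,20,10,WIFI
0a:bb:cc:dd:ee:ff,HomeNetwork,[WPA2-PSK-CCMP][ESS],2019-08-01 10:00:00,11,-50,51.50010,-0.14010,20,10,WIFI
02:99:88:77:66:55,Pet Chat,[ESS],2019-08-02 09:30:00,1,-80,48.85660,2.35220,30,12,WIFI
"""


def normalize_ssid(ssid):
    """Collapse spacing and case so 'Pet Chat' and 'PetChat' compare equal."""
    return "".join(ssid.split()).lower()


def is_open(auth_mode):
    """An ad hoc/open network advertises no WPA/WEP flags in the AuthMode column."""
    return "WPA" not in auth_mode and "WEP" not in auth_mode


def locate_ssid(export_text, wanted_ssid="PetChat"):
    """Group sightings of the wanted SSID by MAC and estimate a position per MAC.

    The position is an RSSI-weighted centroid of the GPS fixes: a sighting with
    a stronger signal was taken closer to the transmitter, so it pulls harder.
    Returns {mac: {"lat", "lon", "observations", "first_seen"}}.
    """
    lines = export_text.splitlines()
    if lines and lines[0].startswith("WigleWifi"):
        lines = lines[1:]  # drop the banner line above the header row
    wanted = normalize_ssid(wanted_ssid)
    sightings = defaultdict(list)
    for row in csv.DictReader(lines):
        if normalize_ssid(row["SSID"]) != wanted or not is_open(row["AuthMode"]):
            continue
        sightings[row["MAC"]].append((
            float(row["CurrentLatitude"]),
            float(row["CurrentLongitude"]),
            int(row["RSSI"]),
            row["FirstSeen"],
        ))

    located = {}
    for mac, obs in sightings.items():
        # RSSI is negative dBm; shift it so -30 dBm weighs more than -90 dBm.
        weights = [max(1, 100 + rssi) for _, _, rssi, _ in obs]
        total = sum(weights)
        lat = sum(o[0] * w for o, w in zip(obs, weights)) / total
        lon = sum(o[1] * w for o, w in zip(obs, weights)) / total
        located[mac] = {
            "lat": round(lat, 5),
            "lon": round(lon, 5),
            "observations": len(obs),
            "first_seen": min(o[3] for o in obs),
        }
    return located


if __name__ == "__main__":
    for mac, info in locate_ssid(SAMPLE_EXPORT).items():
        print(mac, info)
```

The WPA2 home network in the sample is skipped and the two open Pet Chat beacons each come out with a position and a first-seen time, which is exactly the information the article says a WiGLE contributor hands to anyone querying the service.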
The way Pet Chat works could also be abused by an attacker to send messages to any tablet within wireless range. This is possible because the communication protocol it uses requires no authentication.
This means that an attacker within range can communicate with a child using Pet Chat.
Lack of HTTPS puts sensitive information at risk
The researchers also found that the LeapPad Ultimate tablet itself did not use HTTPS to encrypt all the information it transferred.
By setting up a rogue access point, an attacker could intercept any data sent from the tablet. This leaves it prone to man-in-the-middle (MitM) attacks, which could steal parents' credit card information, email addresses, names and home addresses, as well as the child's information stored on the tablet: name, gender and date of birth.
A MitM attacker could also spoof what is displayed in LeapPad Ultimate's LeapSearch, a 'child-safe web browser that offers access to secure internet material.' “We have developed the ‘phishing version’ of the LeapSearch portal by injecting real-life data from the previous phase. It appears to be a legitimate version.”
An attacker could use this to learn the full credit card number or the security code used to authorize online purchases.
Checkmarx says LeapFrog fixed the problems quickly and removed Pet Chat from its app store. However, the app may still be installed on devices older than three years; in that case parents should uninstall it manually.